ZenTao.importNotice.SQL.Injection
Description
This indicates an attack attempt to exploit a SQL Injection vulnerability in ZenTao.
The vulnerability is caused by a lack of sanitization of certain parameters in a user's HTTP POST request before they are used in a SQL query. An attacker can exploit this with a crafted payload to execute SQL commands on a vulnerable server.
Affected Products
ZenTao versions 16.4 to 18.0.beta1
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.zentao.net/extension-browseRelease-6-front.html
Coverage
IPS (Regular DB)
IPS (Extended DB)